Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« An eBay Message Scam | Main | This "Millionaire" Should Buy Some English Lessons »

December 10, 2006

One Way a Hijacked eBay Account Gets Used

A friend of mine passed along an email received by a legitimate eBay seller of fine art. The seller had an antique photograph up for auction that also had a "Buy It Now" price of $450.00. Another eBayer bought it now and then sent the following message:

hello ,
One of my client has told me to help him to purhcase your your item .After looking at the adverts on ebay ,i noticed you have it for sale and i have clicked buy it now .BECAUSE THE ITEM IS NEEDED TOWARDS THIS COMING XMAS.Please get back to me i will like to pay you CASHIER CHECK. Send me you NAME .My CLIENT would prepare and send you a CASHIER CHECK for payments as soon as i hear from you.i would also want you to know that you would send any excess funds on the CASHIER CHECK after deducting the totaL cost of your item ,and any excess funds on the CASHIER CHECK would be my own profit +shipping+costom clearance.
I WILL HANDLE THE SHIPPING OF the good myself you do not have to worry your self about the shipping i will send DHL to come and pick the item because the item will be shipped to AFRICA and the funds would be sent to me via western union money transfer.I await your reply with necessary information so payments can be sent immediately. and i will need ur Honest.
1]I WILL LIKE TO KNOW IF THE ITEM IS IN GOOD CONDITION,
2]LET ME KNOW IF YOU WILL BE HONEST TO SEND THE REMAINDER MONEY VIA WESTERN UNION.
3] YOU CAN GET BACK TO ME WITH NAME AND ADDRESS YOU WANT THE PAYMENT TO BE ISSUED TO PLUS YOUR PHONE #

The message included a copy of the eBay "end of item" notification that showed the buyer's account name, address (in New York state), and so on.

The problem, however, is that the human buyer who had clicked the "Buy It Now" button and was now sending payment instructions (more on that in a minute) was not the human who originally opened the eBay account. The original account owner had been duped by an eBay phishing message to give up his username/password to crooks. They immediately changed the password and email address on the account so that the original owner could not recover the account and any good feedback ratings that he had accumulated.

Now comes this schmuck with the payment instructions that follow an all-too-familiar advance-fee scam formula. The cashier check arrives for substantially more than the payment; the seller deposits the check; in a couple of days, the bank says the check has cleared; the seller wires the balance of funds to the crook; a couple of weeks later, the cashier's check comes back, having bounced to High Heaven; the seller is out all the money and the expensive item now shipped to Africa; the bank that had told him the check had cleared offers zero sympathy.

The crooks use this stolen account for several of these transactions until bilked sellers complain enough for eBay to kill the account. By then, plenty of items and bucks may have been ripped off from honest sellers who aren't aware of the scam. And even if they are aware of the scam, they have to relist the item and appeal to eBay to recover the listing fees. Aaargh!

Phishers need to be strung up!

Posted on December 10, 2006 at 12:08 AM